Uber awards investigator $10,000 for reportage security hole
Uber has awarded an investigator $10,000 for locating a login bypass bug that associate assaulter might have wont to compromise the company’s internal network. On May 4th, Finnish investigator Jouko Pynnönen, UN agency works for the protection company Klikki Oy, submitted a report back to Uber’s bug bounty program hosted on HackerOne.
He determined however many *.uber.com websites do not use the WordPress login. Instead, they accept OneLogin, a supplier of single sign-on (SSO) and identity management services for cloud-based applications that use SAML and OpenID further as alternative formats and standards.
Uber awarded Finnish security investigator Jouko Pynnönen $10,000 for locating the flaw last month, equalling the very best bounty the corporate has paid out since it launched the program earlier this year. The exploit had 2 components, per Pynnönen, one that allowed him to bypass the system Uber uses for worker authentication, OneLogin, associated another that might have let an assaulter compromise Uber’s internal network, hosted on Atlassian’s Confluence collaboration code. Pynnönen, UN agency works for the firm Klikki Oy, told Threatpost on Tuesday that the login bug he found may well be wont to compromise a server that uses WordPress – like Uber’s PR website, newsroom.uber.com.
See additional at Uber Pays investigator $10K for Login Bypass Exploit https://wp.me/p3AjUX-uPy
According to the investigator, the WordPress plugin shipped by OneLogin contained a bug that allowed associate assaulter the flexibility to provide any username, email address, name, or role they wished. “If the username doesn’t exist already within the WordPress info, then the plugin can produce a brand new user,” Pynnönen wrote in his summary of the bug on HackerOne. On one website, eng.uber.com, he was able to produce a “Subscriber” account, whereas, on another, the newsroom.uber.com site, he was able to produce associate “Administrator” account, just by approximation the role’s name.
Uber’s bug bounty program got off the bottom and graduated from non-public beta mode in March however thus far the corporate had solely awarded $10,000 to a man of science on one occasion. In March, shortly when the program’s origination, a man of science World Health Organization goes by the handle Orange discovered an overseas code execution vulnerability in its rider web site. Pynnönen has been good at finding bugs that have an effect on the ride-sharing app since the program debuted. He’s filed thirteen bug reports, primarily RCE, CSRF, XSS, and SQL injection vulnerabilities that have an effect on WordPress parts employed by the service, and is one among the highest reporters on the company’s HackerOne page.
See a lot of at Uber Pays man of science $10K for Login Bypass Exploit https://wp.me/p3AjUX-uPy